Some security researchers, including security firm Flashpoint, blamed the attack on Xiongmai’s lagging security practices and use of a default username and password in its software and camera components.

That weakness, and similar weaknesses in other IoT products, allowed criminals to create a massive botnet of compromised connected devices. Xiongmai told the BBC that its webcams didn’t make up the majority of the devices in the botnet, however.

The DDoS attack relied on a malware called Mirai to compromise connected devices that use default passwords and usernames. (Friendly reminder: always change your connected device’s username and password!)

[..]

Mirai’s source code was publicly released earlier this month, which researchers said would lead to higher profile attacks.

So far, Mirai has infected at least 493,000 devices. Before the source code was released, only 213,000 devices had been compromised. This is likely only one of many DDoS attacks we’ll see as Mirai continues to search out and exploit vulnerable devices.

Roger Stringer spends most of his time solving problems for people, and otherwise occupying himself with being a dad, cooking, speaking, learning, writing, reading, and the overall pursuit of life. He lives in Penticton, British Columbia, Canada